Overview Recently, NSFOCUS CERT detected that Oracle has released a security announcement and fixed two information disclosure vulnerabilities (CVE-2024-21006/CVE-2024-21007) in Oracle WebLogic Server. Due to the defects of T3/IIOP protocol, unauthenticated attackers can send malicious requests through servers affected by T3/IIOP protocol. Access to sensitive information on the target system....
Blog
Palo Alto Networks PAN-OS Command Injection Vulnerability (CVE-2024-3400)
Overview Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the command injection vulnerability (CVE-2024-3400) in PAN-OS. Since GlobalProtect gateway or portal configured in PAN-OS does not strictly filter user input, unauthenticated attackers can construct special packets to execute arbitrary code on the firewall with...
Segurança de API: O que é e como otimizar a proteção?
A segurança de API (Application Programming Interface) é uma preocupação central para desenvolvedores e empresas que buscam proteger seus sistemas contra acessos não autorizados e violações de dados. As APIs são essenciais para a comunicação entre diferentes softwares, facilitando a integração de sistemas e a automação de tarefas, mas também...
NSFOCUS Recognized as a Representative Vendor in the Gartner® Market Guide for Network Detection and Response
SANTA CLARA, Calif., April 15, 2024 – NSFOCUS, a global leader in cybersecurity solutions, has been named a representative vendor in the 2024 Gartner Market Guide for Network Detection and Response. As a key strategic product, NSFOCUS's network threat detection and response solutions have rapidly evolved and delivered exceptional performance,...
NIPS Troubleshooting Steps for No Log
NIPS aims to accurately monitor abnormal network traffic, automatically blocking various types of aggressive traffic in real-time, particularly application layer threats. It aims to take proactive measures instead of merely providing alerts at the time of or after detecting malicious traffic. When malicious traffic is detected and blocked, a threat...
XZ-Utils Supply Chain Backdoor Vulnerability Updated Advisory (CVE-2024-3094)
Vulnerability Overview Recently, NSFOCUS CERT detected that the security community disclosed a supply chain backdoor vulnerability in XZ-Utils (CVE-2024-3094), with a CVSS score of 10. Since the underlying layer of SSH relies on liblzma, when certain conditions are met, an attacker can use this vulnerability to bypass SSH authentication and...
